FreifunkHochstift
/
ffho-salt-public


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
							#
# FFHO IGP / OSPF configuration (Salt managed)
#

{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
{%- set ospf_node_config = node_config.get('ospf', {}) %}
{%- if 'stub_router' in ospf_node_config and ospf_node_config['stub_router'] in [ True, 'yes'] %}
  {%- do ospf_node_config.update ({'stub_router': 'yes'}) %}
{%- endif %}

{%- if proto == 'v6' %}
# Bloody workaround for bird6's unwillingness to read !LL IPv6 addresses from lo
protocol direct lo_v6 {
	interface "lo";
}
{%- endif %}

protocol ospf IGP {
	import all;
{%- if proto == 'v4' %}
  {%- if grains['id'].startswith ('cr') %}
	export filter {
		if net = 0.0.0.0/0 then {
			ospf_metric1 = 100;
			accept;
		}

		reject;
	};
  {%- else %}
	export none;
  {%- endif %}
{%- elif proto == 'v6' %}
	export filter {
  {%- if grains['id'].startswith ('cr') %}
		if net = ::/0 then {
			ospf_metric1 = 100;
			accept;
		}
  {%- endif %}

		if proto = "lo_v6" then {
			ospf_metric1 = 100;
			accept;
		}

		reject;
	};
{%- endif %}

	area 0.0.0.0 {
		stub {{ ospf_node_config.get ('stub_router', 'no') }} ;

		interface "lo" {
			stub yes;
		};

{#-
 # Wired / Wireless IP-Backbone links
 #
 # Prefer direct Layer2 connections (via Ethernet cable or WBBL) between nodes
 # Vlan 10xy are direct wired Ethernet connection
 # Vlan 20xy are AF-X based WBBL
 # Vlan 22xy are non-AF-X based WBBL
 #
 # Watch management interfaces as stub interfaces.
 #}
{%- set ospf_interface_config = salt['ffho_net.get_ospf_interface_config'](node_config, grains['id']) %}
{%- for iface in ospf_interface_config|sort %}
  {%- set config = ospf_interface_config.get (iface) %}

  {#- Interface description? #}
  {%- set desc = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces:' ~ iface ~ ':desc', "") %}

		# {{ desc }}
		interface "{{ iface }}" {
    {%- if 'desc' in config %}
			# {{ config.get ('desc') }}
    {%- endif %}
    {%- for attr in config|sort if attr not in ['desc'] %}
			{{ attr }} {{ config.get (attr) }};
    {%- endfor %}
		};

{%- endfor %}

{#-
 # Backbone OpenVPNs
 #}
{%- set interfaces = {} %}
{%- for vpn, vpn_config in salt['pillar.get']('ovpn', {}).items () %}
  {%- if grains['id'] in vpn_config %}
    {%- set host_config = vpn_config.get (grains['id'], {}).get ('config', {}) %}
    {%- set interface = host_config.get ('interface', vpn_config.get ('interface', '')) %}
    {%- if interface.startswith ('ovpn-') %}
      {%- do interfaces.update({interface: { 'cost': vpn_config.get (grains['id'], {}).get ('config', {}).get ('cost', False) }}) %}
    {%- endif %}
  {%- endif %}
{%- endfor %}
{%- for interface, iface_config in interfaces.items()|sort %}
		interface "{{ interface }}" {
  {%- if interface.startswith ('ovpn-er-') and proto == 'v6' %}
			type broadcast;
  {%- else %}
			type pointopoint;
  {%- endif %}

  {%- if iface_config.cost %}
			cost {{ iface_config.cost }};
  {%- elif interface.startswith ('ovpn-cr') %}
			cost 5000;
  {%- else %}
			cost 10000;
  {%- endif %}
		};
{% endfor %}

{%- if 'veth_int2ext' in node_config.get ('ifaces', {}) %}
		# Learn transfer prefix to external VRF for BGP recursive lookup.
		interface "veth_int2ext" {
			stub yes;
		};
{%- endif %}

{%- if grains['id'].startswith ('cr01') %}
		interface "tun-ops" {
			stub yes;
		};
{%- endif %}
	};
}